Tag: CERTUA

WinRAR as Cyberweapon: UAC-0165 Targets Ukrainian Public Sector with RoarBat
WinRAR as Cyberweapon: UAC-0165 Targets Ukrainian Public Sector with RoarBat

Since the outbreak of the global cyber war, state bodies of Ukraine and its allies have become targets of diverse malicious campaigns launched by multiple hacking collectives. Experts estimate a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the beginning of the full-fledged […]

Read More
APT28 aka UAC-0001 Group Leverages Phishing Emails Disguised As Instructions for OS Updates Targeting Ukrainian State Bodies
APT28 aka UAC-0001 Group Leverages Phishing Emails Disguised As Instructions for OS Updates Targeting Ukrainian State Bodies

The infamous russian nation-backed hacking collective tracked as APT28 or UAC-0001, which has a history of targeted attacks against Ukrainian government agencies, reemerges in the cyber threat arena.  The latest CERT-UA#6562 alert confirms that over April 2023, the hacking collective has been leveraging the phishing attack vector to massively distribute spoofed emails among Ukrainian state […]

Read More
DarkCrystal RAT Malware Detection: UAC-0145 Hackers Exploit Unlicensed Microsoft Office Software as the Initial Attack Vector
DarkCrystal RAT Malware Detection: UAC-0145 Hackers Exploit Unlicensed Microsoft Office Software as the Initial Attack Vector

With a 250% surge of cyber attacks against Ukraine in 2022 and over 2,000 of them launched by russia-affiliated threat actors since the outbreak of the full-fledged war, cyber defenders are looking for ways to help Ukraine and its allies boost their cyber resilience. On April 3, 2023, CERT-UA issued a new alert covering the […]

Read More
CredPump, HoaxPen, and HoaxApe Backdoor Detection: UAC-0056 Hackers Launch Disruptive Attacks Against Ukrainian Government Websites Planned Over One Year Earlier
CredPump, HoaxPen, and HoaxApe Backdoor Detection: UAC-0056 Hackers Launch Disruptive Attacks Against Ukrainian Government Websites Planned Over One Year Earlier

Approaching the date of one-year anniversary of the outbreak of full-fledged war in Ukraine, cyber defenders addressed the risks of potential attacks against Ukraine and its allies by russian offensive forces. On February 23, CERT-UA cybersecurity researchers revealed the malicious activity attributed to the UAC-0056 hacking group, which was observed in malicious campaigns against Ukraine […]

Read More
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware

February 2023 can be marked as a month of ongoing adversary campaigns against Ukraine, exploiting the phishing attack vector and leveraging remote access software. Close on the heels of phishing attacks spreading Remcos RAT and abusing Remote Utilities software, another mass email distribution targeting Ukrainian organizations garners attention from cyber defenders. The latest CERT-UA#6011 alert […]

Read More
Remote Utilities Exploitation: New Phishing Campaign by the UAC-0096 Group Targeting Ukrainian Organizations 
Remote Utilities Exploitation: New Phishing Campaign by the UAC-0096 Group Targeting Ukrainian Organizations 

Hot on the heels of the massive email distribution in the recent malicious campaign targeting Ukrainian state bodies and leveraging Remcos (Remote Control and Surveillance) Trojan, threat actors exploit another remote administration software dubbed Remote Utilities to hit Ukrainian organizations. CERT-UA warns the global cyber defender community of ongoing phishing attacks attributed to the UAC-0096 […]

Read More
Remcos Malware Detection: UAC-0050 Group Targets Ukrainian Government Entities in Phishing Attacks Using Remote Access Software  
Remcos Malware Detection: UAC-0050 Group Targets Ukrainian Government Entities in Phishing Attacks Using Remote Access Software  

Remcos Trojan (Remote Control and Surveillance) is frequently delivered by threat actors leveraging phishing attack vectors. The malware currently reemerges in the cyber threat arena to target Ukrainian government entities.  On February 6, 2023, cybersecurity researchers released a new CERT-UA#5926 alert detailing the mass email distribution impersonating the Ukrtelecom JSC aimed to spread Remcos malware […]

Read More
UAC-0114 Group aka Winter Vivern Attack Detection: Hackers Launch Phishing Campaigns Targeting Government Entities of Ukraine and Poland
UAC-0114 Group aka Winter Vivern Attack Detection: Hackers Launch Phishing Campaigns Targeting Government Entities of Ukraine and Poland

Since the outbreak of the global cyber war, state bodies of Ukraine and its allies have become targets of diverse malicious campaigns launched by multiple hacking collectives. Threat actors frequently leverage phishing attack vectors to perform their adversary campaigns, like in December 2022’s cyber attacks distributing DolphinCape and FateGrab/StealDeal malware. On February 1, 2023, CERT-UA […]

Read More
UAC-0082 (Sandworm APT Group) Targets Ukrainian National Information Agency “Ukrinform” in a Series of Cyber Attacks Leveraging Multiple Wiper Malware Strains
UAC-0082 (Sandworm APT Group) Targets Ukrainian National Information Agency “Ukrinform” in a Series of Cyber Attacks Leveraging Multiple Wiper Malware Strains

The russia-linked Sandworm APT group (aka UAC-0082) has been continuously targeting Ukrainian public systems and critical infrastructure for at least a decade. This group is responsible for massive blackouts throughout the country in 2015-2016 caused by the infamous BlackEnergy malware. That was followed by the NotPetya campaign in 2017, which eventually ended up creating a […]

Read More
Trident Ursa aka Gamaredon APT Attack Detection: Russia-Backed Hackers Escalate Offensive Activity by Targeting a Petroleum Refinery in a NATO Country 
Trident Ursa aka Gamaredon APT Attack Detection: Russia-Backed Hackers Escalate Offensive Activity by Targeting a Petroleum Refinery in a NATO Country 

Since russia’s full-scale invasion of Ukraine in February 2022, the infamous Trident Ursa russia-affiliated hacking group also tracked as Armageddon APT aka Gamaredon or UAC-0010 has been launching its offensive operations targeting Ukraine and its allies. For over ten months, the hacking collective has performed a series of phishing cyber attacks covered in the corresponding […]

Read More